On Wed, Nov 30, 2011 at 1:01 PM, John Hinton <webmaster at ew3d.com> wrote: > On 11/30/2011 1:55 PM, Benjamin Donnachie wrote: > >>> Ssh is mostly about being able to log in. >> I've always adopted the policy of disabling root logins, making admins >> use a separate account with public/private key authentication and then >> requiring them to use su to elevate privileges. >> >> Has the advantage that your logs will tell you who logged in and >> performed an action rather than the vague 'root'. >> > How would you automate daily logins from another server to do something > like rsync the entire /etc directory to a backup system? You can set up a passwordless sudo that is passed as part of the ssh command. And I agree that this is likely to be a safer approach as long as the private key which is much like a written-down password can be protected well enough. -- Les Mikesell lesmikesell at gmail.com